The invention relates to a method for controlling memory access on a chip card and an apparatus for carrying out the method.
Data-controlled payment systems are used in order to pay for merchandise without cash or for settling payment for services or the like. Such data-controlled payment systems are described, for instance, in the journal "Betriebspraxis" B.B1.2/1982, page 48, by Dr. R. Nowak and W. Roeder, in an article entitled "Die Chipkarte--nachste Generation der Automatenkarte". The cards used in such devices have an essential element which is a non-volatile electric data memory that can be accessed through electric contacts on the surface of the card. During every use, the memory content is accessed by an arithmetic unit and may be changed in the process.
Such cards are used in security and access systems, in bookkeeping or recording systems and in debit or credit systems. In order to assure a wide circulation and frequent use of the cards, operators of such systems issue large numbers of cards and offer a sprawling network of readers and computers. However, in order to preclude misuse of the data, the card systems must meet stringent security requirements. The spread of the carrier cards cannot always be controlled and therefore must be especially protected against use by unauthorized persons.
This can be achieved by a release operation, in which a data comparison between a PIN code word which refers to one person is entered by an operator or encoded by a computer and a stored reference word is carried out. In a further check, the card is identified within a terminal by means of a card-related code which is stored on the card and in the terminal. In this manner, the use of a given card in one or more given terminals is checked for authorization. Depending on the result of the comparison, access is either released (i.e. approved) or prevented (i.e. denied). If a card-related secret code is identically stored in a larger number of cards and terminals, there is the risk of this secret code also becoming known to an unauthorized person who could therefore install valid cards or terminals himself without authorization.
Protection provided by a card-related code therefore fails if the data become known, such as through betrayal. One protection against this is to limit the validity period of circulating cards. However, this limitation requires the regular issuance of new cards and therefore can only be carried out at high cost and inconvenience.